Security Agents for Network Traffic Analysis (SANTA)

IEEE SEPTEMBER 2009

Abstract:This project have the implementation of a distributed agent architecture for intrusion detection and response in networked computers. Unlike conventional intrusion detection systems (IDS), this security system attempts to emulate mechanisms of the natural immune system using Javabased mobile software agents. These security agents monitor multiple levels (packet, process, system, and user) of networked computers to determine correlation among the observed anomalous patterns, reporting such abnormal behavior to the network administrator and/or possibly taking some action to counter a suspected security violation. The project focuses on the design aspects of such an intrusion detection system by integrating different artificial intelligence techniques and a mobile agent architecture.

Implementation of security agents monitor multiple levels Packet, Process, System, and user of networked computers to determine correlation among the observed anomalous patterns, reporting such abnormal behavior to the network administrator and/or possibly taking some action to counter a suspected security violation. Active monitoring Robust Detect failed components and restore them without stopping the system Acceptable system performance Should not interfere with the normal functioning of the host. Alter detection policies in response to critical events

Dynamic configurability Change in configuration of software components, administrative policies Dynamic extensibility Addition of new monitoring functions, tools

Implementation Modules :1. GUI based Remote Interface Monitoring Listing a Remote Host Listing Mobile Agent Display a Warning Agent Action Agent information

2. Designing a Remote Server Application This module is designed for managing and controlling the agents Execution of agents on the runtime. A machine that hosts incoming agents is running the Java runtime environment. This runtime must implement facilities for executing agents concurrently. Java provides the ability to run several threads on a Java runtime . Therefore, it is easy to manage several concurrent application processes (called agents) on the same runtime. When an agent needs to execute on the runtime, the runtime creates a new thread which executes the agents program.

Migration of agents between different runtimes. The second important issue when implementing a mobile agent distributed environment is agent migration. When an agent migrates, two kinds of objects have to be transferred: classes and instances. The classes constitute the program executed by the agent while the instances compose the execution 3. Mobile Agents The agent learns about its environment and actions to be more effective. The agent must be able to communicate not only with the master agent at the host but with other agents, too. Through this communication, an agent can collaborate with other agents in the intention to reach its goals

4. User Authentication 3 4 5 6 Creating Remove Change user key.

5. Implementing Mobile Agents

6. Agent is implemented in Agent Runtime Enviroment

Flow Chart

Software Requirements :-

Language O/S

: Java, RMI, SWING : WIN2000 Server , TCP/IP